Amoroso, Edward G.
'Main Points: ' Security Threats to National Infrastructure: 1. Confidentiality 2. Integrity 3. Availability 4. Theft Three types of adversaries and three exploitation points: (5) 10 basic design and operation principles: 1. Deception 2. Separation 3. Diversity 4. Commonality 5. Depth 6. Discretion 7. Collection 8. Correlation 9. Awareness 10. Response 'Side Notes: ' National Military Strategy (2011): '' Leadership, new partnerships, uncertain future (0) Security of the American people, our territory, and our way of life. (1) Within the global commons – shared areas of sea, air, and space – and globally connected domains such as cyberspace… (3) We will enhance deterrence in air, space, and cyberspace by possessing the capability to fight through a degraded environment and improving our ability to attribute and defeat attacks on our systems or supporting infrastructure. (8) The Joint Force will take a strong role in international efforts to safeguard access, sustain security, provide oversight and accountability, and promote responsible norms in the global commons and cyberspace. (9) Cyberspace capabilities ENABLE Combatant Commanders to operate effectively across all domains. (10) In response to an attack, cyber incident, or natural disaster, we will focus on rapidly providing…to the Department of Homeland Security… (10) To safeguard U.S. and partner nation interests, we will be prepared to demonstrate the will and commit the resources needed to oppose any nation’s actions that jeopardize access to and use of the global commons and cyberspace, or that threaten the security of our allies. (14) Secure the .mil domain using detection, deterrence, denial, and multi-layered defense. We will improve our cyberspace capabilities so they can often achieve significant and proportionate effects with less cost and lower collateral impact. (19) ''DoD Strategy for Operating in Cyberspace (2011): 3 (4) threats: external, insider, supply chain & threats to DoD’s operational ability. (3) Intellectual property: as military strength ultimately depends on economic vitality, sustained intellectual property losses erode both U.S. military effectiveness and national competitiveness in the global economy. (4) Strategic Initiatives: 1. DoD will treat cyberspace as an operational domain to organize, train, and equip so that DoD can take full advantage of cyberspace’s potential. (5) 2. DoD will employ new defense operating concepts to protect DoD networks and systems. (6) 3. DoD will partner with other U.S. government departments and agencies and the private sector to enable a whole-of-government cybersecurity strategy. (8) 4. DoD will build robust relationships with U.S. allies and international partners to strengthen collective cybersecurity. (9) 5. DoD will leverage the nation’s ingenuity through an exceptional cyber workforce and rapid technological innovation. (10) National security is being redefined by cyberspace. (13) International Strategy for Cyberspace (2011): Open, interoperable, and secure and reliable (3) Free flow of information, the security and privacy of data, and the integrity of the interconnected networks themselves are essential to American prosperity, security, and the promotion of universal rights. (3) Future: (7) - intellectual property and valuable data are safe - individuals know the threats to their computers and can take easy steps to protect them - private-sector companies also take a responsibility for their network hygiene - government can detect cybersecurity threats early and share data in real-time to mitigate the spread of malware or minimize the impact of a major disruption – all while preserving the broader free-flow of information - when a crime is committed internationally, law enforcement agencies are able to collaborate to safeguard and share evidence and bring individuals to justice. Stability through norms (9) Reserving the right to defend these vital national assets as necessary and appropriate. (12) We fully recognize that cyberspace activities can have effects extending beyond networks; such events may require responses in self-defense. (13) 'Paper Notes: ' 'My Thesis: ' 'Notes: ' Institutions that monitor and control the norms of cyberspace should be like the FDA. It can’t stop an outbreak of salmonella, but it can track where it came from, who was exposed, and make recovery faster and with less damage because of the information it keeps and the inspections it performs